Menu
Reply
  • 2.74K
  • 150
  • 436
chenks
Trouble shooter
179 Views
Message 11 of 20
Flag for a moderator

Re: Length of passwords

so what are you doing with the Wifi network name (ie the SSID) ?
and with WPA2 there is no need to have a password of more than even 20 characters (even that's a push), as the time to hack a WPA2 password is inordinately long.
0 Kudos
Reply
  • 12
  • 0
  • 0
Lindum
Tuning in
165 Views
Message 12 of 20
Flag for a moderator

Re: Length of passwords

I changed the SSID to something else to confuse any would be young hacker. I've been hacked in the past (when I had the Superhub 2) which made my downloads as slow as hell.

And the time it takes to hack any WiFi is not relevant to a hacker. They set up the hack and leave it running and go and do something else until the hack has finished, it could be hours or days it doesn't matter because when it finishes it sounds an alarm alerting the hacker back from whatever they were doing to see the results.

I've watched this happening in America while on a trip to computer trade fairs. While the fair's were running, small groups of teenagers who worked at the shows would get together in Motel rooms somewhere and exchange hacking tips and tricks with each other while their laptops were running Kali Linux hacks. 

I happens in the US and its happening around the corner from where you or I live and anybody who thinks otherwise is just plain dumb in my eyes. So Virgin wants to wise up and be more responsible and allow its customers to adopt passwords of what ever length they wish to use instead of these flimsy ones we have to endure at the moment.

0 Kudos
Reply
  • 25.51K
  • 1.07K
  • 4.12K
Superuser
Superuser
160 Views
Message 13 of 20
Flag for a moderator

Re: Length of passwords

and you have to be in range of the network and stay in range and it can take months.years.


0 Kudos
Reply
  • 105
  • 5
  • 23
louis-m
Up to speed
155 Views
Message 14 of 20
Flag for a moderator

Re: Length of passwords

You are right to a degree about them setting a brute force and letting it go.
But..... have you seen the difference in the time it takes to brute force an 9 character (complex) password compared to an 8 character password? Let alone a 20 character password.
They could have a conference running for years and still not get a 20 character complex password.

If you have been hacked, it's because of the following:
1. An unpatched vulnerability
2. Unsecure password policies ie dictionary word, not long enough
3. Other vunerability, virus, worn, trojan, reverse connection etc via phishing etc

It generally isn't via passwords unless they are weak. What you witnessed was people sniffing traffic so whenever using public wifi, always use a vpn or ensure that any logins etc are done using SSL and that includes your mail clients using IMAP, POP etc.
0 Kudos
Reply
  • 12
  • 0
  • 0
Lindum
Tuning in
155 Views
Message 15 of 20
Flag for a moderator

Re: Length of passwords

My God you must have a wind up laptop if it takes that long to hack virgins very short passwords.

0 Kudos
Reply
  • 2.74K
  • 150
  • 436
chenks
Trouble shooter
143 Views
Message 16 of 20
Flag for a moderator

Re: Length of passwords


@Lindum wrote:

My God you must have a wind up laptop if it takes that long to hack virgins very short passwords.


you clearly have a misunderstanding of what WPA2 is.
WEP is easily hacked, WPA2 isn't.

chaning your SSID won't deter anyone. the SSID has nothing to do with how difficult a network is to "hack".
in fact most hackers don't even look for an SSID.

if you were "hacked" before, and i'm not even sure you understand what hacking actually is, then it will have been nothing to do with your SSID or password.

0 Kudos
Reply
  • 12
  • 0
  • 0
Lindum
Tuning in
141 Views
Message 17 of 20
Flag for a moderator

Re: Length of passwords

Yer I agree with what your saying, but you've got to take into account that the average Virgin customer is still using that password stuck to the bottom of the hub oblivious to the young hacker living next door or up the street and doesn't know anything about VPN's and SSL.

The majority of mobile phone owners in the UK have their Bluetooth switched on to be 'seen by all' all the time because they don't understand the electronics in their hands. All they want to do is text and surf the Internet.

The same goes for Virgin customers in general who get their hubs delivered, open up the box it came in , throw away the user manual and plug the hub in and start surfing. 

0 Kudos
Reply
  • 2.74K
  • 150
  • 436
chenks
Trouble shooter
135 Views
Message 18 of 20
Flag for a moderator

Re: Length of passwords

and the preset WIFI password is more then enough secure.
as you have been told, the time to hack a WPA2 of that length is extremtely long (even on a non wind up laptop).

if you are that worried then disable WIFI completely and wrap your house in tin-foil.
0 Kudos
Reply
  • 11.58K
  • 1.06K
  • 2.49K
griffin
Alessandro Volta
126 Views
Message 19 of 20
Flag for a moderator

Re: Length of passwords

@Lindum wrote:

My God you must have a wind up laptop if it takes that long to hack virgins very short passwords.

Trying to crack a 8 character long password comprising of upper\lower case characters, numbers and special characters (96 characters, 7.2 Quadrillion permutations) with a decent multicore PC capable of 10 million guesses a second will take up to around 23 years to crack, giving the hacker plenty of time to go on several world cruises whilst waiting for the alarm.

A 10 character with the same random mixture the alarm will go off in around 212019 AD around teatime

0 Kudos
Reply
  • 25.51K
  • 1.07K
  • 4.12K
Superuser
Superuser
115 Views
Message 20 of 20
Flag for a moderator

Re: Length of passwords

Ahh Man. 3 years that sucks Smiley Sad

Session..........: hashcat
Status...........: Running
Hash.Type........: WPA-EAPOL-PBKDF2
Hash.Target......: f:\temp\out
Time.Started.....: Sat Jan 05 14:13:59 2019 (20 secs)
Time.Estimated...: Wed Nov 10 13:51:36 2021 (2 years, 309 days)
Guess.Mask.......: ?1?1?1?1?1?1?1?2 [8]
Guess.Charset....: -1 ?l?u, -2 ?d, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 114.4 kH/s (14.99ms) @ Accel:64 Loops:16 Thr:256 Vec:1
Recovered........: 0/7 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 2097152/10280717025280 (0.00%)
Rejected.........: 0/2097152 (0.00%)
Restore.Point....: 0/197706096640 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:4-5 Iteration:1376-1392
Candidates.#1....: aarieri1 -> aIyKANA1

0 Kudos
Reply